/*
 *
 *  *  Copyright (c) 2019-2020, 冷冷 (wangiegie@gmail.com).
 *  *  <p>
 *  *  Licensed under the GNU Lesser General Public License 3.0 (the "License");
 *  *  you may not use this file except in compliance with the License.
 *  *  You may obtain a copy of the License at
 *  *  <p>
 *  * https://www.gnu.org/licenses/lgpl.html
 *  *  <p>
 *  * Unless required by applicable law or agreed to in writing, software
 *  * distributed under the License is distributed on an "AS IS" BASIS,
 *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  * See the License for the specific language governing permissions and
 *  * limitations under the License.
 *
 */

package com.liycloud.common.security.component;

import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

import javax.servlet.http.HttpServletRequest;

/**
 * 改造 {@link BearerTokenExtractor}
 * 对公开权限(忽略权限认证的)  的url请求, 不进行提取 Authentication 直接返回 null
 * 其他的未配置的, 还是沿袭框架本身的 BearerTokenExtractor
 *
 *  BearerTokenExtractor 功能: 从请求HttpServletRequest (请求头Authorization 或者请求参数 access_token ) 获取 Bearer 后边部分的字符串 tokenValue
 *
 *  获取成功 则封装成 PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(tokenValue, "");
 *
 * @date 2020.05.15
 */
@Component
@RequiredArgsConstructor
public class PigxBearerTokenExtractor extends BearerTokenExtractor {

	private final PathMatcher pathMatcher = new AntPathMatcher();

	private final PermitAllUrlProperties urlProperties;

	/**
	 * 更改
	 * @param request
	 * @return
	 */
	@Override
	public Authentication extract(HttpServletRequest request) {

		// 是否匹配 PermitAllUrlProperties 中的忽略 url
		boolean match = urlProperties.getIgnoreUrls().stream()
				.anyMatch(url -> pathMatcher.match(url, request.getRequestURI()));

		// 匹配的直接返回 null 因为没有认证
		return match ? null : super.extract(request);
	}

}
